So I'm pretty sure this was mentioned elsewhere on the forum, but as things unfold this has become really interesting. Here's the short take: Anonymous recently went after companies in retaliation for actions against Wikileaks, and apparently provided some support to people trying to get information out of Egypt. This has pissed off our government, among others. So HBGary, some company you and I have never heard of before but still a government and private sector "security" contractor, investigated and claimed to have information on Anonymous members. Anonymous responded by obliterating the company's data and, more importantly, their reputation.

Here's NPR's summary article:

Quote: The hacktivist group Anonymous is at it again. This time, it has humiliated an Internet security firm that threatened to out the group's hierarchy.

If you remember, Anonymous has been in the news, first, because in support of WikiLeaks, it undertook cyberattacks that brought down the websites of Visa and Mastercard. Second, because it brought down the sites of some government entities in Egypt and helped the anti-government protesters with technical help. Third, because as NPR's Martin Kaste reported, the FBI is hot on the group's heels. (Kaste has more on tonight's All Things Considered.)

Today, the website ArsTechnica ran a piece that details how Anonymous methodically went after HBGary Federal's digital infrastructure. Earlier this month, HBGary Federal's CEO Aaron Barr said the company, which specializes in analyzing vulnerabilities in computer security for companies and even some government agencies, had undertaken an investigation of Anonymous and had used social media to unmask the group's most important people.

The Financial Times reported:

Of a few hundred participants in operations, only about 30 are steadily active, with 10 people who "are the most senior and co-ordinate and manage most of the decisions," Mr. Barr told the Financial Times. That team works together in private internet relay chat sessions, through e-mail and in Facebook groups. Mr Barr said he had collected information on the core leaders, including many of their real names, and that they could be arrested if law enforcement had the same data.

Barr said an HBGary representative was set to give a presentation at a security conference in San Francisco, but as soon as Anonymous got wind of their plans, it hacked into HBGary's servers, rifled through their e-mails and published them to the web. The group defaced HBGary's website and published the user registration database of another site owned by Greg Hoglund, owner of HBGary.

Amazingly, reports ArsTechnica, Anonymous managed all this by exploiting easy and everyday security flaws. First, it found that the content management system — a program that allows for easy publishing to the web — had a security vulnerability. The group was able to get into the usernames and passwords from the database and, as ArsTechnica puts it, HBGary employees did not follow Internet best practices and used the same passwords over and over on different sites including their e-mail accounts, Twitter and LinkedIn accounts.

If you're interested in the details of the operation, ArsTechnica does a great job at putting it in easy-to-understand words. But perhaps one of the more interesting things the piece manages to cull is a profile of the people behind Anonymous.

The popular characterization has been that it's a bunch of kids. But ArsTechnica, which spoke to Anonymous members, says that:

Anonymous is a diverse bunch: though they tend to be younger rather than older, their age group spans decades. Some may still be in school, but many others are gainfully employed office-workers, software developers, or IT support technicians, among other things. With that diversity in age and experience comes a diversity of expertise and ability.

As for HBGary, the attacks forced it to pull out of the RSA Security conference in San Francisco, the biggest of its kind. The company posted a sign outside its booth with the same note that's on its website:

A group of aggressive hackers known as "Anonymous" illegally broke into computer systems and stole proprietary and confidential information from HBGary, Inc. This breach was in violation of federal and state laws, and stolen information was publicly released without our consent.

In addition to the data theft, HBGary individuals have received numerous threats of violence including threats at our tradeshow booth.

In an effort to protect our employees, customers and the RSA Conference community, HBGary has decided to remove our booth and cancel all talks.

HBGary is continuing to work intensely with law enforcement on this matter and hopes to bring those responsible to justice.

Thank you to all of our employees, our customers and the security community for your continued support.

HBGary, Inc.

Forbes reports that HBGary has become "toxic," its clients and partners cutting ties. It reports that CEO Barr also canceled the talk at the B-Sides conference, which was supposed to be about Anonymous.

For the little bit of disruption that they are causing they are going to give excuses to governments to lock down the internet if this shit keeps up.

Thu Feb 17, 2011 9:05 am

neveragainlikesheep

Joined: 22 May 2008
Posts: 2536
Location: TKO from Tokyo

firefly wrote: I think that these "anonymous" guys are either idiots or agents.

For the little bit of disruption that they are causing they are going to give excuses to governments to lock down the internet if this shit keeps up.

And governments don't already do that all the time at the moment?

Thu Feb 17, 2011 9:12 am

crash

Joined: 07 Aug 2003
Posts: 5457
Location: the chocolate city with a marshmallow center and a graham cracker crust of corruption

this is pretty awesome, but i'm a little worried where this could lead. i've heard people refer to DoS attacks as a sort of cyber protest - like a sit in - but a lot of this stuff seems similar to terrorism.

the point of protest is to highlight an injustice by garnering media attention. anonymous, on the other hand, is discouraging companies from acting against their or wikileak's interest by taking direct action against those companies. this sends the message to other companies "watch your behavior or you will be attacked." that's terrorism, right?

it seems like the script kiddies are far more adept at this sort of warfare than the government / big business. i guess that being an internet vigilante is a lot more alluring than wearing a tie and making lots of money. as long as that's how things are working then i think these actions will be anti-authoritarian... but when the interests of the vigilantes and the govt are the same (like in china)... that has me worried.

Thu Feb 17, 2011 9:25 am

redball

Joined: 12 May 2006
Posts: 6878
Location: Northern New Jersey

Ya know, I don't think Anonymous are the great freedom fighters of our day. I think "hacktivist" is probably the most apt term for them. The shit they do is typically on the level of your basic protester or tagger.

Except this. This is the equivalent of demolishing a line of riot police. Here was a firm that was out to try to make an example of a few of them and instead they've basically been put out of business. There's few other cases I can think of where a group of hackers actually ruined a business. That's what makes it so interesting to me.

But I will vehemently disagree with the shitty circular logic that someone doing something to upset authority is always a covert operation by government forces to give them the excuse to exert power. That situation is the exception, not the rule. To argue this is to basically subvert any anti-establishment action that isn't entirely within the law... and that actually helps the establishment.